API Credentials are a combination of an API key and an API secret generated by ErisX clients through the ErisX Member Portal (EMP). These credentials are required to generate a token which must be included in all REST API private endpoint requests as well as to authenticate a WebSocket session.


In order to create a set of API credentials:

  1. Login to the ErisX Member Portal and navigate to the dropdown next to your username on the top right corner of the page and select API Settings.

  1. Click on Create New API Key

  1. Select the permissions you want to enable for this particular set of credentials. Give a label name to the API credentials. Click on Generate Key.


  1. Enter your funding password.

After successfully entering the funding password, you will be presented with the API key and secret. This information must be kept safe and stored properly; once you close the pop-up window it is not possible to see them again and you will need to start over if you haven’t recorded them.


As described above, during the creation of each set of API credentials, you will be prompted to select what permissions you would like to provide to the credentials. As a security consideration we highly recommend users always select the most restrictive combination of permissions that will allow your systems to operate correctly. What permissions are needed for each endpoint can be found in the API documentation.

  • Market Data: enables queries of historical market data and subscription to real time market data.

  • Trading: enables Order Management (placing, modifying and cancelling orders). When selecting trading permission, Market Data permission will automatically be selected.

  • Clearing (Ready Only): enables queries that provide information about the Member’s Clearing Account (trades, movements, balances, etc.).

  • Funding: enables withdrawal requests and deposit information queries.

  • Submit Block Trade: enables Block Trade submission.

Credentials Management

In the ErisX Member Portal all active API credentials can be viewed and managed in the API settings section. 

Any active API credentials can be deleted from this page. Once deleted, a set of API credentials can no longer be used and any requests signed by those credentials will not be authorized. 

For security reasons we highly recommend deleting any API credentials that are no longer in use and periodically refreshing API credentials by deleting existing credentials and creating new ones.

Token Generation

A token is required for all private REST endpoints in the Authorization header, in the format “Bearer {token}”. 

The required token is a JSON Web Token (JWT) that must be generated using the HS256 algorithm and the API key, secret and timestamp as described in the examples below.

  • The authentication requires a Unix Epoch timestamp in seconds.

  • Each token will only be valid for 60 seconds after the specified timestamp.


  • In Python use the pyjwt package to generate the token (

  • Note that some jwt encoding functions may return a byte array rather than a string, and some languages require explicit conversion. For example, in Python, you must use the decode() function.

  • Be aware that there must be a blank space between Bearer and the token.

Javascript Example:

Python 3 Example: